This could well be considered risky behavior. A .DOC file containing macros can be renamed to .RTF. Word will quite happily open and execute the macros in these files. (One of the Melissa variants took advantage of this). Getting people used to practices that have inherent weaknesses in them leads to a false sense of security and, IMO, a greater risk of infection. RTF fits that bill all too well. -- Mary Landesman -----Original Message----- From: Kevin Brown [mailto:kevin@kbrownfox.net] Sent: Friday, April 05, 2002 8:57 PM To: 'BUGTRAQ@SECURITYFOCUS.COM' Subject: RE: More Office XP problems RTF is a benign file format and does not support scripting or embedded HTML tags. I know of large companies that require all external documents be sent to them as RTF to avoid the problems of macro viruses and other malicious code. Brownfox -----Original Message----- From: Paul Schmehl [mailto:pauls@utdallas.edu] Sent: Friday, April 05, 2002 6:36 PM To: Leonard Chung; guninski@guninski.com; Ben Schorr Cc: 'BUGTRAQ@SECURITYFOCUS.COM' Subject: RE: More Office XP problems The default editor for Outlook XP (2002) is Word *if* Office is installed. (I don't know if it is if Office isn't installed.) Default "sending type" is RTF. {{shudder}}
